What’s Missing from CrowdStrike?

I was fortunate enough to be invited to attend Fal.Con Unite 2019 in San Diego earlier this week where the CrowdStrike team brought together over 1200 customers for two and a half days of keynotes and learning sessions. It was apparent from the moment we arrived that there was a significant partner focus, with many visible conference sponsors and partner-led sessions (most of whom are recent CrowdStrike Store partners), plus six new Store partners who are all leveraging CrowdStrike APIs and threat graph data to enhance their solutions. And of course, there was much to say about product and services roadmaps, as well as plenty of learning sessions to help users get the most out of their investment with CrowdStrike.

As industry analysts, we are often “tagged” with a special badge to ensure people know who we are, but the nice folks at CrowdStrike didn’t label us, instead providing us attendee badges like everyone else. This helped facilitate many organic conversations with other attendees where I learned that people are generally very happy with their CrowdStrike solutions, and most believe CrowdStrike is doing a great job of providing effective endpoint security protection for their organizations. I attend many user conferences where most attendees are generally happy with the vendor, but often bring challenges that they still need to work through. But I’ve got to say, at Fal.Con, there was an overwhelmingly positive vibe about the company, the technology, and the threat intel provided -- more so than I typically see.

The day two keynote featured CTO Dmitri Alperovitch sharing this year’s latest announcements, including three new innovations launched under the umbrella of "CrowdScore": Alert prioritization; Attack Narrative; and Organization-Wide Threat Score. Based on what I saw, all three appear to bring new value to an organization’s ability to more rapidly understand and investigate incidents, and to project a current, overall threat level for the entire organization (similar to the Defense Readiness Condition (DefCon) level concept used by the US DoD). Dmitri went on to talk about the six new partners (Acalvio, Airlock, Automox, Exabeam, NopSec, and RiskIQ) and highlighted a handful of additional new product enhancements, including Falcon for AWS to protect cloud workloads, and firewall management (which has been a gap for CrowdStrike when compared to endpoint solutions from more established vendors).

Ok, so what’s missing? Dmitri closed with a BIG statement about collaboration (COLLABORATION was displayed across the entire 100-foot video screen), which got me excited – at least for a moment. He talked about how we all need to be working together, helping to inform each other about emerging threats, intel, and response strategies to fend off the adversary. As he continued, I realized that he was talking more about vendor collaboration, highlighting the six new Store partners.

While building an ecosystem is important, what I really want to hear about is how CrowdStrike can enable security analysts around the globe to work together more collaboratively with each other. If we’re all on the same team, then let’s invest in capabilities that enable us to actually collaborate with each other. And hey, I understand that building great collaboration tools isn’t CrowdStrike’s focus, but I’d sure like to see them OEM a collaboration tool and build it into the broader platform workflow.

And can we talk about the security “community” for a minute? In my opinion, one of the critical, missing elements in the security “community” is a more organic community. Sure, we are all fighting common adversaries, but most of us are depending on commercial vendors to do most of the work.

As a leader in endpoint security, I’d like to challenge CrowdStrike to step up and drive a bigger community agenda. Helping facilitate collaboration is table-stakes for building community. This isn’t a new idea – just asking that our very successful friends at CrowdStrike step up and take a leadership role in the effort.

CrowdStrike continues to execute well with core endpoint security and related services, and I applaud them for focusing on building a partner ecosystem on top of their platform. Overall, I was impressed with the conference, the overall enthusiasm from customers, and the innovation that continues to come from the CrowdStrike team. To get to the next level, they need to focus on a more open ecosystem together with enabling the security community to collaborate more as they learn and fight the adversary. Kudos to the marketing and products teams for putting on a great customer event. Here’s to hoping for more focus on collaboration for security pros in the coming year.
